Worm attack on your network?

What to do if your network is already infected:

  1. Check your antivirus vendor’s website for disinfection instructions
  2. Disinfection of this worm is complex and could require shutting down parts of your network
  3. Restrict USB stick usage and block unnecessary traffic at your firewalls


worm infection

What to do to avoid worm infection:

  1. Make sure latest Microsoft patches have been applied
  2. Make sure your organisation is running the latest version of your antivirus product
  3. Check that the antivirus product has the latest updates
  4. Turn off AUTORUN and AUTOPLAY for USB sticks
  5. Make sure users' domain passwords are strong
  6. Take extra care about the domain administrators’ passwords


How to kill that worm?

Microsoft has recommended that Windows users install the emergency update, then run the January edition of the MSRT to scrub the worm from compromised computers.

What is MSRT anyway?

The Windows Malicious Software Removal Tool is freely-distributed software developed by Microsoft for its Windows operating system.

The program is updated on the second Tuesday of every month via Windows Update, at which point it runs automatically in the background and reports if malicious software is found. To run it manually at other times, users can download the tool from Microsoft and start "mrt.exe" from the command interface, by going to the system32 folder, or by using the Run command in the Start Menu.

The Microsoft Windows Malicious Software Removal Tool checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.

Note: The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if an infection is found. If you would like to run this tool more than once a month, use the version on this Web page or install the version that is available in the Download Center.

Because computers can appear to function normally when infected, Microsoft advises you to run this tool even if your computer seems to be fine. You should also use up-to-date antivirus software to help protect your computer from other malicious software.

To download the latest version of this tool, please visit the Microsoft Download Center.







Downadup worm - part 2

What does the worm do?

Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully.

Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.
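The lock-out symptom described above can serve as a detection signal: one user mistyping a password locks one account, while a worm guessing passwords locks many accounts from the same machine in a short time. The Python below is an added example, not part of the original post or of any vendor tool; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: simplified lock-out records (time, locked account,
# machine the failed logons came from). Field names are hypothetical.
SAMPLE_LOG = """\
2009-01-12T09:00:03 LOCKOUT user=alice caller=WS-014
2009-01-12T09:00:41 LOCKOUT user=bob caller=WS-014
2009-01-12T09:01:10 LOCKOUT user=carol caller=WS-014
garbage line without fields
2009-01-12T09:01:55 LOCKOUT user=dave caller=WS-014
2009-01-12T09:02:30 LOCKOUT user=frank caller=WS-014
2009-01-12T09:30:00 LOCKOUT user=erin caller=WS-201
2009-01-12T11:45:12 LOCKOUT user=erin caller=WS-201
"""

LINE_RE = re.compile(r"^(\S+) LOCKOUT user=(\S+) caller=(\S+)$")

def parse(log_text):
    """Yield (time, user, caller) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, m.group(2).lower(), m.group(3).upper()

def suspicious_callers(log_text, window=timedelta(minutes=5), min_accounts=4):
    """Return {caller: sorted accounts} for machines that locked out at least
    min_accounts distinct accounts inside one sliding time window."""
    recent = defaultdict(deque)   # caller -> (time, user) events in window
    flagged = defaultdict(set)
    for ts, user, caller in sorted(parse(log_text)):
        events = recent[caller]
        events.append((ts, user))
        while ts - events[0][0] > window:   # drop events older than window
            events.popleft()
        users = {u for _, u in events}
        if len(users) >= min_accounts:
            flagged[caller] |= users
    return {c: sorted(u) for c, u in flagged.items()}

if __name__ == "__main__":
    print(suspicious_callers(SAMPLE_LOG))
```

A flagged caller is the machine to isolate and scan first; the locked-out accounts themselves are victims of the guessing, not its source.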

Once this worm infects a machine, it protects itself very aggressively. It does this by setting itself to restart very early in the boot-up process of the computer and by setting Access Rights to the files and registry keys of the worm so that the user can't remove or change them.

The worm downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm based on current date and time. As there are hundreds of different domain names that could be used by the malware, it is hard for security companies to locate and shut them all down in time.
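Because the download sites are generated names rather than a fixed list, blocking them one by one does not scale, but an infected machine still has to look them up. The Python below is an added example, not from the original post: it assumes, as is typical for generated domain lists, that most of the names are not registered, so an infected client shows many distinct failed lookups. The resolver log format, thresholds and all sample values are constructed.

```python
from collections import defaultdict

# Constructed sample of resolver log lines: time, client IP, name, result.
# The format and every value are made up for this example.
SAMPLE_DNS = """\
09:00:01 10.0.0.23 qhvkzt.example NXDOMAIN
09:00:02 10.0.0.23 mwpdlr.example NXDOMAIN
09:00:03 10.0.0.23 zbtqan.example NXDOMAIN
09:00:04 10.0.0.23 update.example NOERROR
09:00:05 10.0.0.23 xkcfyo.example NXDOMAIN
09:00:06 10.0.0.23 jrnvse.example NXDOMAIN
09:00:07 10.0.0.23 gdulhw.example NXDOMAIN
09:00:09 10.0.0.40 intranet.example NOERROR
09:00:10 10.0.0.40 mail.example NOERROR
09:00:11 10.0.0.40 intranett.example NXDOMAIN
09:00:12 10.0.0.40 intranett.example NXDOMAIN
09:00:13 10.0.0.40 wiki.example NOERROR
truncated line
"""

def dga_suspects(log_text, min_failed=5, min_ratio=0.8):
    """Return {client: (distinct_failed, distinct_total)} for clients whose
    lookups are mostly distinct names that never resolve."""
    seen = defaultdict(dict)              # client -> {name: resolved?}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        _, client, name, rcode = parts
        name = name.lower().rstrip(".")
        ok = rcode.upper() == "NOERROR"
        # A name counts as resolved if any lookup for it succeeded.
        seen[client][name] = seen[client].get(name, False) or ok
    suspects = {}
    for client, names in seen.items():
        failed = sum(1 for ok in names.values() if not ok)
        # Repeats of one mistyped name count once, so a single typo
        # retried many times does not trip the threshold.
        if failed >= min_failed and failed / len(names) >= min_ratio:
            suspects[client] = (failed, len(names))
    return suspects

if __name__ == "__main__":
    print(dga_suspects(SAMPLE_DNS))
```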

F-Secure has released a free tool that can remove known versions of Downadup. The tool is also available for download from F-Secure's blog.


Downadup worm


A new version of the Downadup worm infects Windows workstations and servers on corporate networks. Since the new year, F-Secure has received several reports of corporate network infections and is working closely with these companies, as well as various CERT organisations, to fight this outbreak.

Downadup (also known as Conficker) is a large family of network worms that is unusually difficult to remove, especially in the case of an internal infection inside a corporate network.

W32/Downadup is an email worm. The worm will infect Windows systems.

Upon execution, the worm drops svchost.exe in the Windows System folder.

The worm modifies the registry at the following location to register itself as a system service:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

What does the worm do? Part 11
What to do if you're infected? Part 111


Advanced Firewall

Windows® Firewall with Advanced Security is a stateful, host-based firewall that blocks incoming and outgoing connections based on its configuration. While typical end-user configuration of Windows Firewall still takes place through the Windows Firewall Control Panel tool, advanced configuration now takes place in a Microsoft® Management Console (MMC) snap-in named Windows Firewall with Advanced Security. This snap-in provides an interface for configuring Windows Firewall not only locally but also on remote computers and via Group Policy. Firewall functions are now integrated with IPsec (Internet Protocol security) protection settings, reducing the possibility of conflict between the two protection mechanisms. Windows Firewall with Advanced Security supports separate profiles for when computers are domain-joined or connected to a private or public network. It also supports the creation of rules for enforcing server and domain isolation policies. Windows Firewall with Advanced Security supports more granular rules, including Microsoft Active Directory® users and groups, source and destination Internet Protocol (IP) addresses, IP port number, ICMP settings, IPsec settings, specific types of interfaces, services, and more.


Oracle 41 security patches


Definitions of Security patches on the Web: A patch is a small piece of software designed to update or fix problems with a computer program or its supporting data.

January 8, 2009 (Computerworld) Oracle Corp. will issue 41 security patches next Tuesday addressing vulnerabilities across "hundreds" of its products, the company said in a pre-release announcement.

The updates fix vulnerabilities across "hundreds of Oracle products", an alert from Oracle warns.

Highlights include nine critical bug fixes for Oracle Secure Backup, all of which might lend themselves to remote exploitation, and two critical fixes for Oracle Application Server. There are also five critical updates for Oracle BEA WebLogic server software packages.

More than 15 of those patches address flaws that were described by the company as being remotely executable without the need for authentication -- a class of vulnerability to which Oracle usually assigns its highest severity rating. Of these, nine are slated for Oracle Secure Backup, two for its Application Server product and five for its BEA Product Suite.

More at http://www.computerworld.com

